I am playing with limiting client access to certain subdirectories of
cephfs running latest 12.2.4 and latest centos 7.4 kernel, both using
kernel client and fuse
I am following http://docs.ceph.com/docs/luminous/cephfs/client-auth/:
/To completely restrict the client to the //|bar|//directory, omit the
When I mount this directory with fuse, this works. When I try to mount
the subdirectory directly with the kernel client, I get
/mount error 13 = Permission denied /
This only seems to work when the root is readable.
--> Is there a way to mount subdirectory with kernel client when parent
in cephfs is not readable ?
Then I checked the data pool with rados, but I can list/get/.. every
object in the data pool using the client.foo key.
I saw in the docs of master
http://docs.ceph.com/docs/master/cephfs/client-auth/ that you can add a
tag cephfs, but if I add this I can't write anything to cephfs anymore,
so I guess this is not yet supported in luminous.
--> Is there a way to limit the cephfs user to his data only (through
cephfs) instead of being able to do everything on the pool, without
needing a pool for every single cephfs client?
ceph-users mailing list